[Security Weekly] Honda Hit By Cyberattack, Snake Ransomware Suspected

2nd Week of June 2020

 

1. Japanese automaker Honda hit by cyberattack, operations disrupted

 

Honda, the seventh-largest automobile manufacturer in the world, confirmed that it suffered a cyberattack that disrupted its operations.

According to Honda, the attack took place on June 7, when the company experienced a loss of network connectivity and found itself unable to access its servers and databases. As a result, production activities in Europe were affected, while customer service and financial services were paralyzed. 

The company did not release any details on the attack, and stated that the impact was small and that restoration work was under way to resume normal operations. However, many security experts claimed that the attack was the Snake ransomware, and that there was a high chance that the threat actors had asked for a ransom.

As ransomware attacks become increasingly frequent, Penta Security recommends encryption as the best defense against such attacks. A properly encrypted database has no actual value to outsiders, meaning the threat actor behind the ransomware would not be able to use or sell the data, greatly reducing their bargaining power. 

Penta Security’s D’Amo is an encryption solution that uses multiple encryption technologies for robust protection. MyDiamo provides encryption for open-source databases, chosen by many healthcare providers and NGOs. 

Sources: BBC, ZDNet

 

2. US presidential campaign suffers phishing attacks by Chinese and Iranian APT groups

 

On June 4, Google’s Threat Analysis Group (TAG) revealed that it had discovered two phishing campaigns launched by two different advanced persistent threat (APT) groups targeting the United States’ presidential campaign for the November election.

According to Google’s report, China-linked APT31, also known as Zirconium, launched attacks on Joe Biden’s campaign, while Iran-linked APT35, commonly known as Rocket Kitten, attacked Donald Trump’s campaign. Both threat actors targeted the personal emails of campaign staff members.

Google says that it has not detected any successful intrusion as of now. However, experts warn that all election staff members must be extra cautious when handling emails – not just work emails, but also personal emails. Specifically, attackers are trying to trick victims into entering their login credentials with a fake election portal that looks identical to a real one.

The goals of the threat actors are not exactly clear. As cyberattacks become increasingly utilized for foreign political interference, governments must take high security measures to protect the integrity of their elections and political processes.

A web application firewall like Penta Security’s WAPPLES not only effectively detects and stops malware and trojans embedded in phishing emails, but also prevents website defacements. 

However, even with proper security measures, it is still crucial for employees to not enter their information on any illegitimate platforms. The simplest way is to never type in anything after clicking a link, even if the link seems totally legitimate.

Sources: Threatpost, SC Media

 

3. E-healthcare provider Babylon Health exposes consultation videos of patients

 

UK-based Babylon Health pioneered the remote healthcare market. Its mobile app allows users to book appointments and have video consultations with general practitioners, alongside providing other features like health check and monitoring services. All GP appointments are conducted through the smartphone camera. 

On June 10, a British user posted a screenshot on Twitter showing that under the “Consultation Replays” section of the app, he was provided with 50 video recordings of another patient’s consultation instead of his own.

Babylon responded to the complaint immediately and discovered that an error in the latest software update had allowed three users to view the consultation recordings of others. However, it did not state how many patients the recordings belonged to.

Fortunately, the data breach was due to a software error instead of a cyberattack. Babylon reported the incident to the UK’s Information Commissioner’s Office, and fixed the error right away. Outside Britain, the company currently operates in Canada, the US, and Rwanda.

This incident serves as a warning sign to the e-healthcare industry. Personal health data are extremely sensitive and valuable, making them primary targets of cybercriminals.

Source: TechCrunch

 

4. Netwalker ransomware attacks multiple US universities

 

The Netwalker ransomware, also known as Mailto ransomware, struck three US universities in succession within the span of a week.

The first attack was directed at Michigan State University on May 27. After making a ransom demand, the threat actors proved themselves responsible by releasing a scanned copy of a student’s passport online, along with other copies of the university’s confidential financial information.

The second attack hit the University of California, San Francisco on June 1. Widely regarded as the best medical school in the world, the postgraduate institution is the leader of COVID-19 research, where clinical trials for vaccines and treatments are conducted. The attackers claimed to have stolen sensitive research material. 

The most recent attack struck Columbia College Chicago on June 3. This time, the attackers claimed to have exfiltrated highly sensitive personally identifiable information including social security numbers.

Again, if the universities had their databases strongly encrypted, the ransomware threat actors would lose much of their leverage. 

Sources: MLive, BNN Bloomberg, Infosecurity

 

5. Insurance giant Genworth Financial exposes personal information in data breach

 

A Fortune 500 company, Genworth is a US-based insurance firm that provides mortgages and long-term care products. The company disclosed a data breach incident that compromised both personal and financial information of some of its customers.

The company offers insurance products and services through in-house advisers, sales agents, and other external distributors.

According to Genworth, the data breach was discovered on April 20, when the company’s security team found an unauthorized party accessing many of its sales agents’ online portal accounts. These accounts contain sensitive customer information, including name, age, gender, address, date of birth, social security number, and bank account information.

How the attackers obtained the login credentials remains unknown. It is highly likely they were stolen from a previous intrusion. Genworth did not disclose the exact number of individuals affected, but it has promised to offer free credit monitoring services to all those affected for a year.

Source: Bleeping Computer

 
